Hackers are arguably the most creative members of the underworld. And they are reaching high levels of maturity too. We live in a world where we see hacker groups behave as IT enterprises offering subscription-based ransomware as a service (RaaS). Organizations like LockBit appear to have “customer” service, feature releases, career ladders, and… bug bounty programs.
Hackers constantly update the ways they hack into systems, and the latest technique used by LockBit affiliates is eyebrow-raising. It consists of infected copyright infringement emails. The group also started what is arguably the first bug bounty hunter program for their malicious software inviting other hackers to make their “product” better. But let’s start with the latest type of phishing emails.
The bogus emails come loaded with an attached PDF that infects the system with LockBit ransomware. The cybercriminals manage to get past spam and security filters and trick recipients into thinking that there is a legal claim against the targeted enterprise.
The emails, first observed in Asia, come with a password-protected ZIP file attached. The attachment is supposed to contain copies of the images used illegally, but this is not the case. Instead, once the target tries to open the file, it shows a script-driven installer disguised as a PDF that, in reality, spreads the latest version of LockBit into the victim’s system. Once in, the sophisticated software then makes its way around the organization, infecting everything possible with ransomware.
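A mail gateway can triage this kind of attachment without knowing the password, because ordinary password-protected ZIPs leave entry names and flags readable. The following is an added example, not code from the original article: the extension list, the function names and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Assumption: which extensions count as script/installer content; tune locally.
RISKY_EXT = {".exe", ".scr", ".js", ".vbs", ".wsf", ".hta", ".lnk", ".bat", ".msi"}

def inspect_zip(data: bytes) -> list[tuple[str, str]]:
    """Flag suspicious entries using only ZIP metadata (no password needed)."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            suffixes = [s.lower() for s in PurePosixPath(info.filename).suffixes]
            if info.flag_bits & 0x1:  # general-purpose bit 0: entry is encrypted
                findings.append((info.filename, "encrypted"))
            if suffixes and suffixes[-1] in RISKY_EXT:
                findings.append((info.filename, "script-or-installer"))
                if ".pdf" in suffixes[:-1]:  # e.g. name.pdf.js posing as a PDF
                    findings.append((info.filename, "pdf-decoy-name"))
    return findings

def scan_message(raw: bytes) -> list[tuple[str, str]]:
    """Inspect every ZIP attachment of a raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        if zipfile.is_zipfile(io.BytesIO(payload)):
            findings += inspect_zip(payload)
    return findings

def build_sample() -> bytes:
    """Constructed test message: harmless ZIP with the encrypted flag set by hand."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("infringing_images.pdf.js", b"placeholder, not real content")
    data = bytearray(buf.getvalue())
    cd = data.find(b"PK\x01\x02")  # central directory file header
    data[cd + 8] |= 0x01           # set the encryption bit in its flag field
    msg = EmailMessage()
    msg["Subject"] = "Copyright infringement notice"
    msg["From"], msg["To"] = "sender@example.com", "legal@example.com"
    msg.set_content("See attached evidence. Password: 1234")
    msg.add_attachment(bytes(data), maintype="application", subtype="zip",
                       filename="evidence.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    for name, reason in scan_message(build_sample()):
        print(f"{name}: {reason}")
```

An encrypted archive combined with a script or installer entry is a reasonable trigger for quarantine or sandbox detonation, since content scanning cannot see inside the entry itself.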
The operators of LockBit appear to be very organized and made the news by announcing what is probably the industry-first bounty hunter program, tied to the launch of the latest version of the ransomware – LockBit 3.0. The cyber-criminal organization offers payments starting at $1,000 to anyone who reports a bug in their malicious software. The new LockBit 3.0 also allows victims to pay using Zcash, which is an addition to the already available Bitcoin and Monero.
Experts believe the bounty program might also be a way for them to recruit more criminals to their organization. The more cybercriminals use the ransomware, the better the group's chances of remaining at the top of the list of most successful and profitable criminal organizations, a position it holds at the moment.
The LockBit group is one of the most prolific ransomware operations and represents one of the most common threats seen lately. The ransomware spreads through phishing campaigns, credential stuffing, and known security vulnerabilities. LockBit mainly targets enterprises and government organizations, but lately, their ransomware has been used to attack smaller targets such as SMBs.